In an Oracle environment,
the Oracle Server acts as the client to a RADIUS server when an authorization request is
sent from an Oracle client.
Any authentication method that supports the RADIUS standard??”whether it be token cards,
smart cards, or SecurID ACE??”can easily be added to the RADIUS server as a new authentication
method without any changes being made on the client or server configuration files, such as
sqlnet.ora.
286 Oracle Database 11g DBA Handbook
3-Tier Authentication
In a 3-tier or multitier environment, an application server can provide authentication services for
a client and provide a common interface to the database server, even if the clients use a variety of
different browsers or ???thick??? client applications. The application server, in turn, is authenticated
with the database and demonstrates that the client is allowed to connect to the database, thus
preserving the identity of the client in all tiers.
In multitier environments, both users and middle tiers are given the fewest possible privileges
necessary to do their jobs. The middle tier is granted permission to perform actions on behalf of a
user with a command such as the following:
alter user kmourgos
grant connect through oes_as
with role all except ordmgmt;
In this example, the application server service OES_AS is granted permission to perform
actions on behalf of the database user KMOURGOS. The user KMOURGOS has been assigned
a number of roles, and they can all be enabled through the application server, except for the
ORDMGMT role.
Pages:
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483